A CISO’s Minefield – Dysfunction on the Board

I tweeted the other day in response to a blog post I read, which seems to be part of an upward trend of information intended to help CISOs disseminate information to their board of directors.
Good, actionable information for sure, but I feel the need to push the envelope a little and provide some unvarnished and unsolicited observations about boards.

Board members are silos to themselves – My experience has been that board members are generally smart, successful, independent types. They are often wonderful resources for asking entrepreneurial questions and are generally worth getting to know better, even if only to further your agenda. Rule of thumb: They generally like to talk about themselves, so let 'em…

In many cases these individuals are highly competitive and often do not like other board members. Rule of thumb: Boards are often AT LEAST as dysfunctional as the organizations they govern.

Some board members do not understand the business – Many times, especially within smaller companies, board members will be family members who have no clue what the business actually produces, let alone how it operates. If they do talk to the CISO, they may ask what kind of gun they carry. “You are security, right?”

Don’t spend much time on these folks. Rule of thumb: Focus efforts on board members that can actually spell vulnerability.

Understand the CISO’s place – There might as well be a sucking sound that accompanies any CISO’s entrance to the boardroom. That sucking sound is the board’s top line revenue being sucked dry. Let’s be real. The board only cares about security insofar as it relates to the income statement, balance sheet or cash flow. Speaking to them on any other terms is wasting oxygen. Rule of thumb: To be a successful CISO you must relish being a cost center. Success is defined by sucking less…

The bottom line is that success in the boardroom is the same as success in life. Observation, seeking to understand, developing relationships, and being strategically humble for tactical gain are all key.

Why Cloud Insanity?

If software is eating the world, then the cloud must be its digestive system. Those of us who work “in the cloud” know what a messy job it can be.

We are riding an unprecedented wave of technological innovation that is both awesome and terrifying. Rapid change, incessant, unrelenting noise and the need to transform organizations seemingly overnight make sanity a stretch goal, at best.

Writing about it helps me. I hope it can help you in some small way as well.

Stuart Clark

Stuart is a security strategist, consultant, and entrepreneur. His 25 years of converged security experience span a diverse spectrum of law enforcement, venture-backed startups, and high-growth, multi-billion-dollar financial services firms.

He has served in the role of Reluctant CISO for the last 15 years. He is not particularly fond of the role but gains great satisfaction when his efforts result in measurable improvements to the security and overall maturity of organizations.

As a commissioned Texas Peace Officer and CISO (Chief Information Security Officer) Stuart is uniquely positioned to serve as a bridge between law enforcement, technologists and the public. He writes and speaks frequently on technology, law enforcement, and cybersecurity topics.